---
title: DNS configuration
x-toc-enable: true
...

Introduction
============

This section is geared towards authoritative DNS servers. For example, if you
had the domain name `domain.com`, you might have these name servers:

* `ns1.domain.com`
* `ns2.domain.com`

Your domain name must have at *least* two name servers. Firstly, we will cover
how to set *up* the DNS server itself. Later, we will cover how to configure
records such as A, AAAA, TXT, NS and other records inside *zone files*.

**Yes. You can run it yourself. This is dark magic that Fedfree will teach
you how to use.**

No fancy web interface. Just good old-fashioned zone files, edited in Vim.
Let's jump right in!

Requirements
============

Operating system
----------------

Linux or BSD is totally fine.

IP addresses
------------

If you're only running IPv4, you need at least 2 IPv4 addresses, publicly
routable with port 53 open for DNS. This section will not cover how to open
ports on your firewall, or forward ports on your router, but you can refer to
other information elsewhere for that.

If you're running IPv6 as well, you need at least two IPv6 addresses.
*We recommend running dual stack IPv4 and IPv6 infrastructure, for all
services. IPv4 is the legacy internet, and has been since the 90s. Just
because the rest of the world still hasn't caught up, doesn't mean you should
copy bad practices. You should always run both IPv4 and IPv6!*

Authoritative name server setup
===============================

When you resolve a domain name, you use one of the root DNS servers on
the internet; the NS record for that domain specifies which name servers are
to be used. If you're running your *own* DNS servers, then a `glue` record
must be set, specifying the IPv4 and IPv6 address of each DNS host,
e.g. `ns1.domain.com` might specify `81.187.172.130`, which would be the IP
address of that name server. That server is what responds, resolving names
to IPs (and IPs to names, if configuring PTR records for reverse DNS).
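
The following added example, which is not part of the original guide, checks a
referral from the parent zone against the requirements above: at least two name
servers, and both A and AAAA glue for every name server inside the zone. The
referral text is constructed sample data; `192.0.2.53` and `2001:db8::53` are
documentation addresses, and the function names are illustrative.

```python
import ipaddress

# Constructed sample: a referral in `dig +norecurse` style from the parent zone.
SAMPLE_REFERRAL = """\
;; AUTHORITY SECTION:
domain.com.        172800  IN  NS    ns1.domain.com.
domain.com.        172800  IN  NS    ns2.domain.com.
;; ADDITIONAL SECTION:
ns1.domain.com.    172800  IN  A     81.187.172.130
ns1.domain.com.    172800  IN  AAAA  2001:db8::53
ns2.domain.com.    172800  IN  A     192.0.2.53
"""

def parse_records(text):
    """Yield (owner, type, rdata) for each 'owner TTL IN type rdata' line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 5 and not fields[0].startswith(";") and fields[2].upper() == "IN":
            yield fields[0].lower().rstrip("."), fields[3].upper(), fields[4]

def audit_delegation(zone, referral_text):
    """Return a list of problems; an empty list means the delegation passes."""
    zone = zone.lower().rstrip(".")
    nameservers, glue = set(), {}
    for owner, rtype, rdata in parse_records(referral_text):
        if rtype == "NS" and owner == zone:
            nameservers.add(rdata.lower().rstrip("."))
        elif rtype in ("A", "AAAA"):
            try:
                version = ipaddress.ip_address(rdata).version
            except ValueError:
                continue  # malformed address: treated as if the glue were absent
            # Count the record only if the address family matches its type.
            if (rtype == "A") == (version == 4):
                glue.setdefault(owner, set()).add(rtype)
    problems = []
    if len(nameservers) < 2:
        problems.append(f"{zone}: fewer than two name servers delegated")
    for ns in sorted(nameservers):
        # Glue is only needed for name servers inside the zone they serve.
        if ns.endswith("." + zone):
            for rtype in ("A", "AAAA"):
                if rtype not in glue.get(ns, set()):
                    problems.append(f"{ns}: missing {rtype} glue")
    return problems

if __name__ == "__main__":
    for problem in audit_delegation("domain.com", SAMPLE_REFERRAL):
        print(problem)
```

On the sample data the audit reports that `ns2.domain.com` has no AAAA glue, which is the dual stack gap this guide tells you to avoid.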

It's called the *authoritative* name server, because it's the designated
master server for your domain. You will additionally set up a *slave* server
as backup, in case the main one goes down. When you want to reconfigure a
domain name, the name server will send new information to the root DNS servers.

That is what we will be setting up, in these tutorials. Fedfree recommends
the use of [gandi.net](https://www.gandi.net/) for domain name registrations,
because:

* Very friendly to libre software projects (lots of libre projects use gandi)
* Many, many options in the control panel, *including the ability to set
  IPv6 glue records!*

Debian (bind9)
--------------

Refer to [debian-bind.md](debian-bind.md)

Other name server daemons exist, but we will use bind.

TODO: cover other operating systems, e.g. OpenBSD.

DNS configuration
=================

This section will cover how to configure domain names, once your name server
software is up and running.

Bind (any distro)
-----------------

Refer to [zonefile-bind.md](zonefile-bind.md)
